OMG [username] You Should Untag Yourself in This Video

There is currently a new spam campaign spreading across Facebook. The spam has an appearance similar to the following:

It is worth mentioning that the app_id in the requests is “6628568379”, which may cause the post to look as though it was sent from an iPhone when this is not the case. This is done to give an appearance of further credibility to the scam.

The message may vary slightly as it is randomly generated by using a combination of the following three options:

Part one:

  • hey
  • HEY
  • OMG
  • omg
  • omg!
  • OMG!!
  • WTF
  • wtf
  • wtf!!
  • WTF!!
  • YO
  • yo
  • YO!

Part two:

  • I can't believe you're
  • i cant believe youre tagged
  • what are you doing
  • why are you
  • why are you tagged
  • you look so stupid
  • you should untag yourself

Part three:

  • in this vid
  • in this video

When the video is clicked, malicious JavaScript is copied to the clipboard and the user is asked to paste (“Ctrl+V”) this into the address bar and press “Enter”.

Next, the following message is displayed, which has the Facebook “look and feel”; don’t be fooled – filling out the survey doesn’t verify anything; it just nets a survey fee for the spammers.

Unfortunately, the spam video link is also sent to everyone in your friends list in an attempt to keep the campaign spreading.

Be vigilant when you come across messages like these and if you do happen to click on the link, it would be advisable to remove it from your wall or mark it as spam so that other users aren’t duped by the same trick!

Facebook engineers have been working diligently on the self-cross-site scripting problem; not only have enforcement mechanisms been pursued to shutdown the malicious pages and fake accounts, but also Facebook has been putting affected users through educational checkpoints to help curb the spread of the attacks. Additionally, backend measures exist to slow the rate of these attacks and we are always iterating on new ways to proactively protect users.

Think before you click, don't paste code into your address bar, and keep your software up-to-date.

Thanks to Karthik Selvaraj for drawing attention to this new spam campaign.